Barracuda NextGen Firewall X

How to Configure Authentication Through a Site-to-Site VPN Tunnel

  • Last updated on

This article applies if your authentication server is located at a remote location that is connected via a site-to-site VPN tunnel. By default, the firewall uses source-based VPN routing. To connect to the remote authentication server, the VPN routes must be added to the main routing table. VPN routes are always added with a metric of 10.

Before you begin

  • Verify that at least one static interface configuration or the management IP address is part of the local published network you want to use for the site-to-site VPN tunnel.
  • Go to NETWORK > Routing and verify that the VPN routes for the remote published networks will not break your existing routing configuration. 

Step 1. Configure a site-to-site VPN tunnel

Configure a site-to-site VPN tunnel. At least one local published network must be directly attached to the firewall and configured as a static network interface or as the management network.

For more information, see How to Configure a Site-to-Site VPN with IPsec or Example - Configuring a Site-to-Site IPsec VPN Tunnel.


Step 2. Change VPN settings to add VPN routes to main routing table

In expert mode, switch from the default source-based routing to adding the VPN routes to the main routing table.

Replacing VPN source-based routing without a proper migration plan may break your current setup and cause loss of connectivity. VPN routes are always added with the metric set to 10.

  1. Go to VPN > Settings.
  2. Append &expert=1 to the URL to switch to expert mode.
  3. In the VPN Routes section, set Add VPN Routes to Main Routing Table to Yes.
  4. Enter the VPN Interface IP address. The IP address must meet the following criteria:
    • The IP address must be in one of the site-to-site VPN local published networks.
    • The IP address must be assigned to a static network interface as a primary or secondary IP address, or be the management IP address or a secondary IP address in the management network.
  5. Click Save.

Go to NETWORK > Routing and verify that the VPN routes are now in the main routing table.
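
The checks from Before you begin and Step 2 can be run offline before the setting is changed. The following Python example is added here and is not Barracuda code: it tests a candidate VPN Interface IP against the two criteria in Step 2 and lists where the metric-10 VPN routes would overlap routes already in the main routing table. The function names, the sample addresses and the routing model (longest prefix first, then lowest metric) are assumptions; the route list is copied by hand from NETWORK > Routing.

```python
import ipaddress

VPN_ROUTE_METRIC = 10  # the page states VPN routes are always added with metric 10


def check_vpn_interface_ip(ip, local_published, static_ips):
    """Return the reasons the VPN Interface IP fails the Step 2 criteria (empty = OK)."""
    addr = ipaddress.ip_address(ip)
    problems = []
    if not any(addr in ipaddress.ip_network(n) for n in local_published):
        problems.append("not inside a local published network")
    if addr not in {ipaddress.ip_address(a) for a in static_ips}:
        problems.append("not assigned to a static or management interface")
    return problems


def route_conflicts(main_table, remote_published):
    """List overlaps between future VPN routes and (cidr, metric, label) main routes."""
    findings = []
    for remote in map(ipaddress.ip_network, remote_published):
        for cidr, metric, label in main_table:
            net = ipaddress.ip_network(cidr)
            if net.prefixlen == 0 or not net.overlaps(remote):
                continue  # default route or unrelated prefix
            if net == remote:  # assumed tie-break: lowest metric wins
                verdict = ("same prefix, VPN route wins" if metric > VPN_ROUTE_METRIC
                           else f"same prefix, {label} wins" if metric < VPN_ROUTE_METRIC
                           else "same prefix and metric, ambiguous")
            elif remote.subnet_of(net):  # VPN route is the more specific one
                verdict = f"VPN route takes this part of {label}"
            else:  # existing route is more specific than the VPN route
                verdict = f"{label} still overrides part of the VPN route"
            findings.append((str(remote), cidr, verdict))
    return findings


# Constructed sample data (private addresses chosen for illustration, not from the page).
MAIN_TABLE = [
    ("0.0.0.0/0", 100, "default"),
    ("10.0.0.0/8", 50, "static-core"),
    ("10.20.5.0/24", 20, "static-lab"),
    ("192.168.50.0/24", 5, "static-dmz"),
]
REMOTE_PUBLISHED = ["10.20.0.0/16", "192.168.50.0/24", "172.16.9.0/24"]

if __name__ == "__main__":
    print(check_vpn_interface_ip("192.168.200.1", ["192.168.200.0/24"], ["192.168.200.1"]))
    for finding in route_conflicts(MAIN_TABLE, REMOTE_PUBLISHED):
        print(finding)
```

Any finding is a prompt to review the migration plan before setting Add VPN Routes to Main Routing Table to Yes.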

Step 3. Configure authentication server

Configure the external authentication server. Click Test Connection to verify that the firewall can connect to the remote authentication server through the site-to-site VPN.

For more information, see How to Configure an External Authentication Service.
